The Trend Micro research team has discovered a new zero-day exploit in Adobe Flash used in a malvertisement attack. The exploit affects the most recent version of Adobe Flash and is identified as CVE-2015-0313.
Visitors to the popular site dailymotion.com were redirected through a series of sites that eventually led to a compromised URL where the exploit itself was hosted. Trend Micro detects this exploit as SWF_EXPLOIT.MJST and blocks the related URL.
Trend Micro's primary recommendation to users when vulnerabilities such as this one are discovered is to apply a vendor-issued patch as soon as possible; however, Adobe has not yet released an official patch or fix for this issue as of the time of this writing.
Trend Micro is continuously monitoring other attacks related to this zero-day. The exploit affects the latest version of Flash 18.104.22.1686 and earlier versions. Trend Micro's recommendation to users is to disable or block affected versions of Flash Player until a fixed version is released. We are working closely with Adobe to ensure a patch will be available this week to address this vulnerability.
Fortunately, Trend Micro has some solutions that already provide protection against this threat:
- The Browser Exploit Prevention (BEP) feature in Trend Micro Endpoint solutions (such as Trend Micro Worry-Free Business Security and Trend Micro OfficeScan) blocks the exploit when the URL hosting it is accessed. BEP also protects against exploits that target browsers or related plugins.
- Trend Micro Deep Security, Vulnerability Protection (formerly the IDF plug-in for OfficeScan), and Deep Discovery customers with the latest rules also have an additional layer of protection against this vulnerability. Specifically, Trend Micro will be releasing the following rules and patterns for proactive protection:
- Deep Security rule DSRU15-004
- Deep Packet Inspection (DPI) rule 1006468 for Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers; and
- The existing Sandbox and Script Analyzer engine that is part of Deep Discovery can also be used to detect this threat, without any engine or pattern update.
Trend Micro always strongly recommends that critical vendor patches be applied as soon as possible upon release. Customers and partners who need additional information or have questions are encouraged to contact their authorized Trend Micro technical support representative for further assistance.